Compliance

Prisme.ai is committed to maintaining the highest standards of security and compliance. This page outlines our certifications, regulatory compliance measures, and the frameworks we adhere to in order to protect your data and ensure our services meet industry standards.

Security Certifications

Prisme.ai is achieving the following security certification:

ISO 27001

Information Security Management System certification

ISO 27001

ISO 27001 is an internationally recognized standard for information security management. Our certification confirms that Prisme.ai:

Systematically examines security risks
Implements comprehensive security controls
Adopts a management process to ensure controls meet security needs over time
Maintains an information security management system (ISMS) that protects customer data

Prisme.ai’s ISO 27001 certification covers our entire cloud infrastructure, application platform, and supporting business processes.

Continuous Compliance Monitoring with VANTA

Prisme.ai utilizes VANTA to automate and continuously monitor our security compliance status:

Real-time assessment of security controls
Automated evidence collection
Continuous verification of policy implementation
Streamlined security questionnaire responses

Our Trust Center is available upon request, providing customers with transparent visibility into our security posture and compliance status.

Regulatory Compliance

Prisme.ai helps customers meet their regulatory obligations across various industries and regions: The General Data Protection Regulation (EU):

Data processing agreements (DPAs) available for all customers
EU-compliant data transfer mechanisms
Features to support data subject rights (access, deletion, etc.)
Data privacy impact assessment (DPIA) documentation
Breach notification processes within 72 hours
Data protection by design and by default implementation
Comprehensive data processing records
Cross-border data transfer controls
Privacy-focused data retention policies
Regular data protection training for all staff

AI Regulations and Standards

EU AI Act

European Union AI regulation:

Risk categorization framework adherence
Transparency requirements for high-risk AI systems
Documentation of AI model development and deployment
Regular risk assessments for AI features
Human oversight implementation
AI system registration where required

Responsible AI Framework

Our internal standards for ethical AI:

Bias detection and mitigation
Explainability and transparency
Fairness assessment
Human-in-the-loop monitoring
Ongoing evaluation of AI outputs

Security Frameworks and Standards

Prisme.ai aligns with leading security frameworks and standards:

NIST Cybersecurity Framework

Our security program incorporates the five core functions of the NIST CSF:

Identify

Developing organizational understanding to manage cybersecurity risk

Protect

Implementing safeguards to ensure delivery of critical services

Detect

Implementing activities to identify cybersecurity events

Respond

Taking action regarding detected cybersecurity incidents

Recover

Maintaining resilience and restoring capabilities impaired by incidents

Cloud Security Alliance (CSA)

Prisme.ai adheres to the Cloud Controls Matrix (CCM), providing:

Transparency through the CSA STAR Registry
Implementation of cloud-specific security controls
Regular assessment against CSA best practices

OWASP Security Practices

Our development processes incorporate OWASP security principles:

Regular security testing for OWASP Top 10 vulnerabilities
Secure coding practices
Security requirements integrated into development lifecycle
Static and dynamic application security testing

Self-Hosted Compliance

For organizations with specific compliance requirements, Prisme.ai offers self-hosted deployment options:

On-Premises

Deploy within your own data centers with complete control over the infrastructure

Private Cloud

Deploy in your own cloud environment (AWS, Azure, GCP, OVHCloud…)

Air-Gapped

For environments with no internet connectivity and highest security requirements

Hybrid

Combination of cloud and on-premises components to meet specific requirements

Compliance Documentation and Resources

Prisme.ai provides comprehensive documentation to support your compliance efforts:

Available Documentation

Trust Center: Detailed Trust Center
Penetration Test Summary: Results of our latest security testing
Risk Assessment Framework: How we evaluate and mitigate risks
Vendor Security Assessment: Information for your vendor security reviews

Requesting Documentation

To receive compliance documentation:

Existing customers: Contact your account representative or submit a request through the support portal
Prospective customers: Reach out to sales@prisme.ai to request documentation under NDA

Continuous Compliance Monitoring

Prisme.ai maintains continuous compliance through our partnership with VANTA:

Automated Controls

Continuous monitoring of security controls with automated verification

Trust Center

Comprehensive Trust Center available on demand to customers and auditors

Evidence Collection

Automated collection and organization of compliance evidence

Real-Time Status

Live compliance dashboard showing current status of all security controls

The VANTA platform enables us to maintain a continuous state of audit readiness while providing transparency to our customers. Our Trust Center offers:

Current security posture metrics
Policy documentation
Compliance certifications
Vendor risk management information
Evidence of control effectiveness
Automated security questionnaire responses

Shared Responsibility Model

Security and compliance in Prisme.ai follow a shared responsibility model:

Platform security
Infrastructure security
Application security
Security monitoring and incident response
Compliance with applicable regulations
Regular security assessments
Secure development practices

Compliance FAQs

How often are security assessments conducted?

How does Prisme.ai handle data residency requirements?

What security measures are in place for AI models?

How does Prisme.ai handle security incidents?

Additional Resources

Data Privacy

Learn about our data privacy practices and controls

Single Sign-On

Implement SSO for enhanced security and user management

Trust Center

Comprehensive resource for all security and compliance information

Contact Information

For compliance-related inquiries or to request additional information:

Security Team: security@prisme.ai

DSUL

Templates

Tutorials

Security & Compliance

Support

Security Certifications

ISO 27001

ISO 27001

Continuous Compliance Monitoring with VANTA

Regulatory Compliance

AI Regulations and Standards

EU AI Act

Responsible AI Framework

Security Frameworks and Standards

NIST Cybersecurity Framework

Cloud Security Alliance (CSA)

OWASP Security Practices

Self-Hosted Compliance

On-Premises

Private Cloud

Air-Gapped

Hybrid

Compliance Documentation and Resources

Available Documentation

Requesting Documentation

Continuous Compliance Monitoring

Automated Controls

Trust Center

Evidence Collection

Real-Time Status

Shared Responsibility Model

Compliance FAQs

Additional Resources

Data Privacy

Single Sign-On

Trust Center

Contact Information

DSUL

Templates

Tutorials

Security & Compliance

Support

​Security Certifications

ISO 27001

​ISO 27001

​Continuous Compliance Monitoring with VANTA

​Regulatory Compliance

​Data Protection Regulations - GDPR

​AI Regulations and Standards

EU AI Act

Responsible AI Framework

​Security Frameworks and Standards

​NIST Cybersecurity Framework

​Cloud Security Alliance (CSA)

​OWASP Security Practices

​Self-Hosted Compliance

On-Premises

Private Cloud

Air-Gapped

Hybrid

​Compliance Documentation and Resources

​Available Documentation

​Requesting Documentation

​Continuous Compliance Monitoring

Automated Controls

Trust Center

Evidence Collection

Real-Time Status

​Shared Responsibility Model

​Compliance FAQs

​Additional Resources

Data Privacy

Single Sign-On

Trust Center

​Contact Information

Security Certifications

ISO 27001

Continuous Compliance Monitoring with VANTA

Regulatory Compliance

Data Protection Regulations - GDPR

AI Regulations and Standards

Security Frameworks and Standards

NIST Cybersecurity Framework

Cloud Security Alliance (CSA)

OWASP Security Practices

Self-Hosted Compliance

Compliance Documentation and Resources

Available Documentation

Requesting Documentation

Continuous Compliance Monitoring

Shared Responsibility Model

Compliance FAQs

Additional Resources

Contact Information